Burp community forum

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

Julien | Last updated: Aug 18, 2019 04:37PM UTC

Hello, I'm new in this world and I already have an issue on the first lab (F****ng Hell) but i'm not down yet ! Even reading the solution I have issue on finding the "Unrecognized method GPOST" when using the Burp Repeater... Can someone help me ?

Burp User | Last updated: Aug 20, 2019 09:50PM UTC

Hello Julien I tried to explain here, if you still have any doubts give your mail id, I can help you. Login to your lab and capture the request of the lab in burp suite. It will be a get request. Now go the burp suite and sent the proxy to the repeater and in the repeater change the request to POST method and some add other methods as below(change the Host to your client id of the captured request), also don't forget to enter an empty line after G) POST / HTTP/1.1 Host: yourclientid.web-security-academy.net Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 6 Transfer-Encoding: chunked 0 G

You need to Log in to post a reply. Or register here, for free.